---
- name: Merge variables
  hosts: all
  tasks:
  - name: Merge system_email definitions
    set_fact:
      system_email: "{{ default_system_email | combine(system_email | default({}, true), recursive=True) }}"
  - name: Merge domain definitions
    set_fact:
      domains: "{{ defaults_domains | combine(domains | default({}, true), recursive=True) }}"

  - name: Merge redirect domain definitions into dictionary
    set_fact:
      combined_mapping: >-
        {{
          (defaults_redirect_domain_mappings | items2dict(key_name='source', value_name='target'))
          | combine(
              (redirect_domain_mappings | default([]) | items2dict(key_name='source', value_name='target')),
              recursive=True
            )
        }}

  - name: Transform combined mapping to list with source and target keys
    set_fact:
      redirect_domain_mappings: "{{ redirect_domain_mappings | default([]) + [ {'source': item.key, 'target': item.value} ] }}"
    loop: "{{ combined_mapping | dict2items }}"

  - name: Merge application definitions
    set_fact:
      applications: "{{ defaults_applications | combine(applications | default({}, true), recursive=True) }}"

  - name: Merge networks definitions
    set_fact:
      networks: "{{ defaults_networks | combine(networks | default({}, true), recursive=True) }}"
  
  - name: Merge oidc configuration
    set_fact:
      oidc: "{{ defaults_oidc | combine(oidc | default({}, true), recursive=True) }}"

  - name: Merge design configuration
    set_fact:
      design: "{{ defaults_design | combine(design | default({}, true), recursive=True) }}"

  - name: Merge service_provider configuration
    set_fact:
      service_provider: "{{ defaults_service_provider | combine(service_provider | default({}, true), recursive=True) }}"

  - name: print oidc dict
    debug:
      var: oidc
    when: enable_debug | bool

- name: update device
  hosts:  all
  become: true
  roles:
    - role: update
      when: mode_update | bool

- name: setup standard wireguard
  hosts: wireguard_server
  become: true
  roles:
    - wireguard

# vpn setup
- name: setup wireguard client behind firewall\nat
  hosts: wireguard_behind_firewall
  become: true
  roles:
    - client-wireguard-behind-firewall

- name: setup wireguard client
  hosts: wireguard_client
  become: true
  roles:
    - client-wireguard

## backup setup
- name: setup replica backup hosts
  hosts: backup_remote_to_local
  become: true
  roles:
    - role: backup-remote-to-local

- name: setup backup to swappable
  hosts: backup_to_usb
  become: true
  roles:
    - backup-data-to-usb

## driver setup
- name: driver-intel
  hosts: intel
  become: true
  roles:
    - driver-intel

- name: setup multiprinter hosts
  hosts: epson_multiprinter
  become: true
  roles:
    - driver-epson-multiprinter

## system setup 
- name: setup swapfile hosts
  hosts: swapfile
  become: false
  roles:
    - system-swapfile